With China, even cybercrime syndicates are larger than life due to the huge population, says a McAfee researcher.

China’s cybercrime enterprise is large, lucrative and expanding quickly into other countries that have weak cybercrime legislation or weak enforcement—such as Malaysia, Indonesia, Cambodia and the Philippines. These well-organised criminal groups even recruit criminal apprentices, and now also target individuals and organisations in South Korea, Taiwan, Singapore, Germany, Canada and the United States.

Like something out of a fictional narrative but supported by well-researched data by McAfee’s Advanced Product Group (APG), the China cybercriminals have their own jargon: a compromised computer or server is called “chicken meat.” Stolen bank accounts, credit card passwords, or other hijacked accounts are referred to as either “letters” or “envelopes.” Malicious websites and email accounts used for credential phishing attacks or spamming are referred to as “boxes.” Stolen information or details stored in the back of the magnetic stripe of a bank card are referred to as “data”, “track material” or simply “material.” They also employ money launderers, commonly referred to as “material-washing men.”

The ostensibly innocent-sounding jargon hides a plethora of services offered by hackers who even provide 24/7 technical support for customers who do not have a technical background: Distributed Denial of Service (DDoS) botnets, traffic sales, source code writing services, email/SMS spam and flooding services are available on the Chinese black markets.

Research shows Chinese cybercriminals offer goods and services ranging from physical counterfeits or scans of US and Canadian driver’s licenses, US cell phone numbers, credit cards and identification cards to stolen social media and email accounts.

One million stolen US emails accounts with encrypted passwords are selling for US$117; 1.9 million stolen German email accounts with clear text passwords are available on the Chinese black market for US$400. Counterfeits or scans of US or Canadian passports or drivers’ licenses are also for sale for as little as US$13. It is unlikely that the owners of these email addresses are aware that their emails have been stolen and sold by Chinese cybercriminals because this information is usually only on the dark web, and the average internet user does not access this market.

CybersecAsia fired some questions at Anne An, main researcher and head of McAfee APG  on the subject of this particular class of cybercriminal:

CybersecAsia (CA): You mention that Chinese cybercrime is expanding quickly. If unstopped or not minimised, how much will they be worth in 3 or 4 years?

Anne An (AA): China’s cybercrime is expected to continuously grow at a rate of more than 30% a year. At this rate, it would very possible to double in value within 3 or 4 years from US$15 billion dollars to US$30 billion unless their progress can be blocked.

CA: Are Chinese cybercriminals equipped to steal and sell data from remote areas? For example, can they steal data be stolen from several telecommunications towers entering the tower themselves? 

AA: It is possible to steal data from remote areas through communication towers. Our research on the dark web has revealed instances of data illegally acquired from telecommunications towers being traded in other prominent underground markets. However, it is not clear whether the hackers acquired the data through physical access (i.e., entering communication towers) or remote access tools (i.e., phishing emails against employees of communication towers or their communications companies).

Some Chinese cybercriminals work with malicious insiders, or hire hackers to work as undercover agents inside of telecommunications service providers, financial services and technology companies to steal company secrets or other proprietary information. Hackers working as undercover agents would have physical access to sensitive data.

CA: Would increased government spending on cybersecurity stifle these Chinese cybercriminal activities or will more enforcement of existing laws and/or more stringent cybercrime legislation be the solution?

AA: Cybercrime is a growth industry. Adversaries can draw upon huge profits to continually innovate, so therefore any spending must be smarter about investments since budgets will likely dwarf what specific threat actors have. This is why threat intelligence is so critical for modern enterprises: working smarter to counter relevant threats against a specific organisation; vertical or geography allows the focusing of effort against the issues that really matter. 

This understanding can be used to enhance threat monitoring, threat hunting, incident response and other areas of active defense strategies. McAfee APG’s research on the business of Chinese cybercrime provides visibility into potential threats or malicious behavior targeting organisations.

Our take on Chinese cybercrime educates practitioners on the threats around them, empowering them to proactively prepare their organisations, rather than being reactive to attacks. Further, there are many times where organisations are not even aware that they have been a victim of a cyberattack. This includes data that McAfee APG finds being sold on the dark web, and in some cases, could have a devastating effect on their business. We detect such incidents as early as possible to give our customers the fastest warning, which would minimise the impact of threats.